If you want to know more on DDoS, I suggest you reading this tutorial before moving on:

I know their are a lot more ways to DoS than are shown here, but i’ll let you figure them out yourself. If you find any mistake in this tutorial please tell me… 😉

What is “DDoS”?

Denial of Service attacks (or Distributed Denial of Service attacks [DDoS]) are a form of organized attacks with the goal of taking down a server by overloading it. Often by sending useless information(packets) to a server in massive amounts.

Keep in mind that altough spreading knowledge is my main goal, performing DDoS attacks is indeed a federal cyber crime.

It is also an international offence and will be punished according to the local laws of the individual’s country.

But enough talk. I will now show you a quick example of a DoS attack of sorts you can do on your local computer.

Sample

Keep in mind that this is NOT a real DoS attack, but rather an example to visualize how a DoS attack works.

You will take down YOUR computer.

Step 1
Open up notepad, mousepad, or your favored equivalent.

Step 2
Type in this simple batch command
Code:

:astartgoto a

Step 3

Save as “dos.bat” making sure you select “All files” from the “File Type” dialog.

Step 4
Run that sucker, but save your work first, as this will crash even the best computers in a matter of minutes.

What did you learn from this?

Observe how the file rapidly replicates itself, opening a new CMD right after it opens another.
An infinite loop has been created that has filled the RAM with useless and massive amounts of CMDs (or Terminals for Unix folks)

DDoS attacks work much the same way, except instead of replicating an infinite number of CMDs, they send information(packets) to the server over and over and over again until the server crashes.

What information you may ask?

Anything. Your login name, your ‘online’ status, a new comment, the number of views on a video, your new high score. Absolutely any information that could be resent a massive amount of times to the same server.

Next we will be discussing the simplest form of DDoS.

DDoS by Ping Flood

Please note that I will be pinging my Localhost. You should too.

Perhaps one of the simplest ways to DoS is by using the ‘ping’ command built into most operating systems, including all windows and Linux distributions.

Step 1
Start up your server. Mine is apache, but that is beside the point, the server type does not matter. If it has an IP address, it can be pinged.

Step 3
Press enter and watch it ping the localhost over and over until your server crashes, or you get tired of waiting for it to crash.
Since most modern servers can take the stress of the ping flood, you will need to get all your friends to help you ping to bring your server down. Or even slow it down.

Command Explained

ping – tells the computer to ping a server-t – It will continue to ping the server until the command is closed, or stopped.-a – Resolves the address to host names.-l – Size.

By default the ping will send 32 bytes of data to the server, so you must change this to a bigger number. The maximum is 65,500 bytes, so that is what we used.

If you send a server any number higher than 65,500 bytes it will instantly crash. This is called “Ping of Death“.
Like any other thing with the suffix “of Death” it is very rare, and hard to accomplish indeed.
In order to learn more about the Ping of Death, read my huge response to this very thread, here!

DDoS by Reloading

Something as simple as reloading a page can take down a server if done enough times.

Step 1
Make a page that lets you submit forms. Method=’GET’ is better than method=’POST’ for this, but both will work.
(If you do not understand step 1, just find a page that lets you submit information, like a new comment or upload a picture)

Step 2
Fill out the forms and submit

Step 3
Reload the page
If the page uses the POST method your browser will display a dialog asking if you are sure you want to resend the information, or something to that effect. Simply click “Continue” or “OK”.(see now why GET is better?)

Step 4
Keep reloading until server is down.
Their are many add ons and tools that allow you to auto-reload a page. It is a matter of googleing for them. They are widely available and free.

This method is very primitive as you can see, but it is probably the best way to DDoS.

Low-Orbit Ion Cannon

LOIC (Low Orbit Ion Cannon) is an app, written in C# and developed by praetox, that was used by Anonymous during Project Chanology. It attempts to DoS the target site by using all its bandwidth, sending TCP, UDP, or HTTP requests to the server until it crashes.

IP or URL = IP or URL that you wish to DoS
TCP / UDP message = information being sent, just write something random. Or leave it as default.
Port = Server’s port
Method = Server’s Method, leave as TCP if unknown
If you are gonna try to take down a website then use HTTP
Speed = set to “<= faster”
Threads = How many users it should simulate, the higher the number the faster it will crash. Set to 10,000. Note that this might make your computer lag, if so, set to a lower amount.

Warning

This tool might not seem like much, but many people of all ages have been arrested and convicted for knowingly using this tool. Remember DoS and DDoS are federal crimes, however insignificant it may seem. Use at your own discretion.

Conclusion

Now you know what a DDoS attack is and you can work to better protect your self.

Their are still many other ways to attack a server, but these are the basics of DoS.
Protect your servers. xD

Like any web developer I hope you will use this information for the good.
Sadly I know that their are those among us that are, even now as we read this, plotting how to do harm with this information.

To those, I flip the bird.

You may use this tutorial, in part or as a whole, for whatever purpose.

I hope you enjoyed reading this tutorial. Hit like, comment and share!

# This is what they say

Martin

Hello :), I have been following your tutorials and think they are really good. I have basic pentesting skills and know basically how to use Kali, metasploit etc. but have no coding skills which is something I will be working on, but I would like to ask you if you would tutor me, against compensation of course in regards to getting things working, I mean if I’m stuck I could ask you for advice, this way I would learn faster and not waste days on a problem, and you would be able to supplement your income wile you study, I would need maybe 4-6 hours per week. If you find it int. let talk rates and get going :), best regards Martin.

26th January 2018 at 5:47 PM

Eitan

Hello dear, I am very impressed about your tutorials, you doing a great job revealing so many valuable hacking methods. I been playing around long time and yet i couldn’t find a stable RAT which pass runtime in 8 and 10. Please share it with me, i don’t mind pay some coins for coding, we all know quality things costs money. Waiting on your reply, thanks.

18th December 2017 at 2:12 AM

Jacob Mason

Hi, Hope you are doing great I know you are busy, so I will be quick. I came across your blog (hackeroyale.com) and found it quite interesting. I feel my writings could be a source of great interest to your readers. I’m really looking forward to getting my work published on your blog. Thanks for your time and keep the awesome work. Much Regards Jacob Mason